Dropbox Accounts Accessible Without Password

Dropbox has confirmed that for some time yesterday, any users account was accessible without a password. The glitch was a programming error related to a code update and accounts were only vulnerable from around 1:54 pm PST to 5:46pm PST, reports Cnet.

A statement was issued by Dropbox explaining the issue:
Yesterday we made a code update at 1:54pm Pacific time that introduced a bug affecting our authentication mechanism. We discovered this at 5:41pm and a fix was live at 5:46pm. A very small number of users (much less than 1 percent) logged in during that period, some of whom could have logged into an account without the correct password. As a precaution, we ended all logged in sessions.

For those 4 hours, anyone who was aware of the glitch could have accessed your data stored on the Dropbox servers without restriction. Dropbox Co-Founder Arash Ferdowsi said:

“We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again.”

Read morr: http://news.cnet.com/8301-31921_3-20072755-281/dropbox-confirms-security-glitch-no-password-required/?part=rss&subj=news&tag=2547-1_3-0-20

Post a Reply

Your email address will not be published. Required fields are marked *